Rewterz Threat Advisory – Adobe Releases Security Updates Fixing over 40 Vulnerabilities in Different Products

Wednesday, February 12, 2020

Severity

High

Analysis Summary

Analysis Summary

This update fixes twenty-one vulnerabilities in Adobe Framemaker.

Vulnerability CategorySeverityCVE Numbers
Buffer Error    CriticalCVE-2020-3734    
Heap Overflow    CriticalCVE-2020-3731CVE-2020-3735
Memory Corruption    CriticalCVE-2020-3739CVE-2020-3740    
Out-of-Bounds Write    CriticalCVE-2020-3720CVE-2020-3721CVE-2020-3722CVE-2020-3723CVE-2020-3724CVE-2020-3725CVE-2020-3726CVE-2020-3727CVE-2020-3728CVE-2020-3729CVE-2020-3730CVE-2020-3732CVE-2020-3733CVE-2020-3736CVE-2020-3737CVE-2020-3738    

 This update resolved seventeen vulnerabilities in Adobe Acrobat and Reader.

Vulnerability CategorySeverityCVE Number
Out-of-Bounds ReadImportantCVE-2020-3744CVE-2020-3747CVE-2020-3755    
Heap OverflowCriticalCVE-2020-3742
Buffer ErrorCriticalCVE-2020-3752CVE-2020-3754    
Use After FreeCriticalCVE-2020-3743CVE-2020-3745CVE-2020-3746CVE-2020-3748CVE-2020-3749CVE-2020-3750CVE-2020-3751    
Stack exhaustion    Moderate    CVE-2020-3753  CVE-2020-3756  
Privilege EscalationCriticalCVE-2020-3762CVE-2020-3763

A new update for Adobe Flash Player is available that fixes a Critical arbitrary code execution vulnerability.

Vulnerability CategorySeverityCVE Number
Type ConfusionCriticalCVE-2020-3757

Two vulnerabilities in Adobe Digital Editions have been fixed that could lead to information disclosure and arbitrary code execution.

Vulnerability CategorySeverityCVE Numbers
Buffer ErrorsImportantCVE-2020-3759 
Command Injection CriticalCVE-2020-3760

Adobe fixes a denial of service vulnerability in Adobe Experience Manager.

Vulnerability Category
 
Severity
 
CVE Number 
 
Uncontrolled Resource ConsumptionImportantCVE-2020-3741

Impact

  • Denial of Service
  • Information Disclosure
  • Arbitrary code execution
  • Memory Leak

Affected Vendors

Adobe

Affected Products

  • Adobe Framemaker 2019.0.4 and below
  • Acrobat DC & Acrobat Reader DC 2019.021.20061 and earlier versions for Windows & macOS
  • Adobe Flash Player Desktop Runtime 32.0.0.321 and earlier for Windows and macOS
  • Adobe Flash Player Desktop Runtime 32.0.0.314 and earlier for Linux
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 32.0.0.255 and earlier for Windows 10 and 8.1
  • Adobe Digital Editions 4.5.10 and below for Windows
  • Adobe Experience Manager 6.5 and 6.4 for all platforms
  • Acrobat & Acrobat Reader 2015.006.30508 and earlier versions for Windows & macOS
  • Acrobat for Windows 2017 & Acrobat Reader for MacOS 2017 2017.011.30156 and earlier versions
  • Adobe Flash Player for Google Chrome 32.0.0.321 and earlier for Windows macOS Linux and Chrome OS

Remediation

Apply following updates:

  • Adobe Framemaker 2019.0.5
  • The latest version of Adobe Acrobat and Reader.
  • Adobe Flash Player 32.0.0.330
  • Adobe Digital Editions 4.5.11
  • Latest version of Adobe Experience Manager

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 23, February 2020 Rewterz Threat Advisory – CVE-2019-16028 – Cisco Firepower Management Center
  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 14, February 2020 Rewterz Threat Alert – Emotet Malware Hacks Nearby Wi-Fi Networks to Infect New Victims
  • 13, February 2020 Rewterz Threat Advisory – CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution

Copyright © Rewterz. All rights reserved.